commit: 7231d7d18ef229fad0364e8ff29294004c34eaff
Author: Sugar, David <dsugar <AT> tresys <DOT> com>
AuthorDate: Tue Oct 29 17:28:05 2019 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Dec 16 13:13:11 2019 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7231d7d1
Add missing gen_require for init_t in init_script_domain
Signed-off-by: Dave Sugar <dsugar <AT> tresys.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/system/init.if | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index bd6c965e..2e5bd3e8 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -101,6 +101,9 @@ interface(`init_script_domain',`
domtrans_pattern(init_run_all_scripts_domain, $2, $1)
ifdef(`init_systemd',`
+ gen_require(`
+ type init_t;
+ ')
allow $1 init_t:unix_stream_socket { getattr read write ioctl };
allow init_t $1:process2 { nnp_transition nosuid_transition };
